CVE-2017-17045
Gentoo Linux Security Advisory 201801-14
Public Exploits: 1
Exploited in Wild: 0
Decision: -
Descriptions
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-11-28 CVE Reserved
- 2017-11-28 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (8)